
KDE KMail HTML Email Information Spoofing

Medium

Synopsis

The remote host is running a vulnerable email client.

Description

The remote client is running KMail, an email client for Unix and Unix-like operating systems. This version is vulnerable to a content-parsing flaw in its HTML handlers. Specifically, a client with HTML enabled may be sent a malicious email whose content overlaps portions of the displayed email. This can be used to convince users to perform web-based tasks that have unexpected results.

Solution

Upgrade or patch according to vendor recommendations.